Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in
the application.

Listing of Claims

1. (Currently amended) A method for rollover of cryptographic keys during
operation of a computer system, the method comprising:

providing an old set of cryptographic keys comprising at least a first
cryptographic key and a second cryptographic key, wherein the first cryptographic
key protects an integrity of secret information stored in a database and the second
cryptographic key protects access to the secret information stored in the database;

checking with a key repository to determine if a certificate re-issuance is
necessary, meanwhile maintaining the availability of the old set of cryptographic
keys;

performing a rollover operation;

if the rollover operation results in new or revised keys, storing the new or
revised keys in the database; and

if the rollover operation results in the new or revised keys, providing the
new or revised keys to applications that need them when next requested by such
applications,

wherein the applications detect a missing key, and check with the key
repository for the missing key and, if the missing key has been reissued, the
applications receive the reissued key.

2. (Previously presented) The method of claim 1, wherein checking with the
key repository comprises utilizing one or more services of a specialized application
acting as an extension of the key repository.

161972.01/2162.39 ?00
3. (Previously presented) The method of claim 2 wherein:

utilizing the one or more services of the specialized application comprises
authenticating authorization of the specialized application to perform the one or
more services.

4. (Original) The method of claim 1 being invoked as a result of a command.

5. (Original) The method of claim 1 being invoked as a result of a periodic
check which senses that the old set of cryptographic keys are approaching
expiration.

6. (Original) The method of claim 1 being invoked as a result of sensing an
expired key.

7. (Original) The method as in claim 1, wherein the applications are notified of
the presence of new keys by the Key Repository process.

8. (Canceled).

9. (Original) The method as in claim 1, wherein the Key Repository process is
prompted by the applications to invoke the method as a result of the applications
detecting a key approaching expiration.

10. (Original) The method as in claim 1, wherein the applications request the
Key Repository process to provide thereto a new or revised key as a result of the
applications detecting an expired key.

11. (Currently amended) A system, comprising:

a key repository configured to maintain at least a first key and a second
key; and

a database coupled to the key repository and storing secret information,
wherein the first key protects an integrity of the secret information
stored in the database and the second key protects access to the
secret information stored in the database,

wherein applications in communication with the key repository detect a
missing key, and check with the key repository for the missing key
and, if the missing key has been reissued, the applications receive
the reissued key.

12. (Previously presented) The system of claim 11 further comprising at least
one application that can access the key repository, wherein the at least one
application is pre-authorized to access the second key and can perform at least
one function using the secret information without user intervention.

13. (Previously presented) The system of claim 11 wherein the database
comprises entries defining at least one user of a first group of users and at least
two users of a second group of users.

14. (Previously presented) The system of claim 13 wherein the first key has a
value that is based on a password associated with the first group of users.

15. (Previously presented) The system of claim 13 wherein the second key
has a value that comprises a plurality of value shares and wherein each value
share is based on a password associated with the second group of users.

16. (Previously presented) The system of claim 13 wherein a value associated
with at least one of the first key and the second key is changed when at least one
event occurs, the at least one event selected from a group of events consisting of:
a user of the first group of users being added;
a user of the first group of users being deleted;
a user of the second group of users being added;
a user of the second group of users being deleted;
an algorithm used by the system being changed; and
the database being rewritten.



17. (Previously presented) The system of claim 13 wherein the key repository
is configured to provide access to the second key in response to receiving a
threshold number of valid passwords, each password associated with a different
user from the second group of users.

18. (Previously presented) The system of claim 17 wherein the second key
permits modification of at least one security parameter selected from the group
consisting of:

a threshold number of valid passwords required to access the second key;
users assigned to the first group of users;
users assigned to the second group of users;

pre-authentication of an application to access at least one of the first key
and the second key without user intervention;
cryptographic algorithms used by the system; and

pre-authentication of a program to act as an extension of the key
repository.

19. (Previously presented) The system of claim 11 wherein the first key is used
to encrypt a public key of an encryption algorithm.

20. (Previously presented) The system of claim 19 wherein the public key is
used to encrypt a value associated with the first key and value shares associated
with the second key.
21. (Currently amended) A method for rollover of cryptographic keys during
operation of a computer system, the method comprising:

providing an old set of cryptographic keys comprising at least a first
cryptographic key and a second cryptographic key, wherein the first cryptographic
key protects an integrity of secret information stored in a database and the second
cryptographic key protects access to the secret information stored in the database;

checking with a key repository to determine if a certificate re-issuance is
necessary, meanwhile maintaining the availability of the old set of cryptographic
keys;

performing a rollover operation;

if the rollover operation results in new or revised keys, storing the new or
revised keys in the database; and

if the rollover operation results in the new or revised keys, providing the
new or revised keys to applications that need them when next requested by such
applications,

wherein the applications detect a missing key, and check with the Key
Repository for the missing key and, if the missing key has been reissued, the
applications receive the reissued key.
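As an added illustration (not the patent's own code or the applicant's implementation), a constructed Python model of the rollover flow recited in claims 1 and 21: the repository keeps old key versions available while reissuing, records the current version in a stand-in database, and an application holding a stale key detects the miss on its next use and receives the reissued key. The `KeyRepository` and `Application` classes, the version numbers, the HMAC-SHA256 sealing used to show the first key protecting integrity, and the 3600-second key lifetime are all assumptions of this example.

```python
import hashlib, hmac, secrets

class KeyRepository:
    """Constructed model of the claimed repository: an 'integrity' (first) key and an
    'access' (second) key, each kept as a list of versions; the newest one is current."""
    def __init__(self, lifetime):
        self.lifetime = lifetime
        self.keys = {}  # name -> [(version, key_bytes, issued_at), ...], newest last
        self.db = {}    # stand-in database: name -> current version number
        for name in ("integrity", "access"):
            self._issue(name, issued_at=0)

    def _issue(self, name, issued_at):
        versions = self.keys.setdefault(name, [])
        ver = len(versions) + 1
        versions.append((ver, secrets.token_bytes(32), issued_at))
        self.db[name] = ver  # "storing the new or revised keys in the database"
        return ver

    def rollover(self, now):
        """Claim 1 steps: check which keys need re-issuance, reissue them, keep old ones."""
        due = [n for n, v in self.keys.items() if now - v[-1][2] >= self.lifetime]
        for n in due:
            self._issue(n, now)  # old versions stay in self.keys: still available
        return due

    def get(self, name, version=None):
        versions = self.keys[name]
        return versions[-1] if version is None else next(v for v in versions if v[0] == version)

class Application:
    """Caches keys; on next use it detects a missing/stale key and fetches the reissued one."""
    def __init__(self, repo):
        self.repo, self.cache = repo, {}

    def key_for(self, name):
        cached = self.cache.get(name)
        if cached is None or cached[0] != self.repo.db[name]:  # missing key detected
            ver, key, _ = self.repo.get(name)                  # check with the repository
            self.cache[name] = (ver, key)                      # receive the reissued key
        return self.cache[name]

    def seal(self, record):  # first key protects integrity of stored secret information
        ver, key = self.key_for("integrity")
        return ver, hmac.new(key, record, hashlib.sha256).hexdigest()

    def verify(self, record, ver, tag):  # an older key version stays usable after rollover
        _, key, _ = self.repo.get("integrity", ver)
        return hmac.compare_digest(hmac.new(key, record, hashlib.sha256).hexdigest(), tag)
```

Records sealed under version 1 still verify after the rollover because the old set remains available, which is the availability requirement the claim places on the repository during re-issuance.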